How to Configure an Internet-Facing Deployment for Microsoft Dynamics CRM 4.0

How to Configure an Internet-Facing Deployment for Microsoft Dynamics CRM 4.0

Microsoft /
How to configure an Internet-Facing Deployment for Microsoft Dynamics CRM 4.0 /
5/22/2009 /
This document is intended to cover how to set up the Microsoft Dynamics CRM 4.0 Web site to make it available from the Internet. This document will cover the following Internet-Facing Deployment (IFD) scenarios for Microsoft Dynamics CRM 4.0.
  • Install or Upgrade Microsoft Dynamics CRM 4.0 through the user interface (UI) setup
  • Install or UpgradeMicrosoft Dynamics CRM 4.0 with a configuration file

Table of Contents

Overview

Using a configuration file or the “CRM40IFDTool”

Setup test DNS record

Microsoft Dynamics CRM Data Connector for SQL Server Reporting Services

Scenario 1: Install or Upgrade Microsoft Dynamics CRM 4.0 through the user interface (UI) setup

Scenario 2: Install or Upgrade Microsoft Dynamics CRM 4.0 with a configuration file

How to use the CRM40IFDTool

Steps to run the tool

More Information

ISA Server

Turn off IFD

Log File

Installing CRM with IFD enabled against an existing website with Host headers or a Certificate enabled on the website.

Splitting Out Server Roles

Troubleshooting Information

FAQ

Send Feedback on the article

How to configure anInternet-Facing Deployment for
Microsoft Dynamics CRM 4.0

This document will cover the following Internet-Facing Deployment (IFD) scenarios for Microsoft Dynamics CRM 4.0.

  • Install or Upgrade Microsoft Dynamics CRM 4.0 through the user interface (UI) setup
  • Install or Upgrade Microsoft Dynamics CRM 4.0 with a configuration file

This document is intended to cover how to set upMicrosoft Dynamics CRM 4.0 to make it ready to be accessed from the Internet. This document will not cover the steps that youmust complete to make a server available from the Internet. There will be additional steps depending on if you are using ISA server, firewalls or anything else in your environment that may need to be configured to get your server accessible from the internet.

Overview

Using aconfiguration file or the “CRM40IFDTool”
To successfully set up a Microsoft Dynamics CRM 4.0 IFD environment, there are several items that must be set for authentication to work correctly. These options are set when you install Microsoft Dynamics CRM 4.0 by using a configuration file or by using the “CRM40IFDTool” after Microsoft Dynamics CRM is installed to enable IFD.

Enabling IFD does the following:

  • The web.config file contains an authentication strategy parameter. This parameter will be updated to “ServiceProviderLicenseAgreement”
    For example, you would see the following parameter in the web.config file:
    <authentication strategy =”ServiceProviderLicenseAgreement”/>
  • TheEnable anonymous access authentication method on the Microsoft Dynamics CRM 4.0 Website ismarked.
    Note: The Integrated Windows authentication method must remain marked for internal users who do not access the Microsoft Dynamics CRM Web site by usingthe IFD deployment.
  • The DeploymentProperties table in the MSCRM_ConfigSQL database has three values that are updated.
  • IfdRootDomainScheme
  • http or https
  • IfdSdkRootDomain
  • Domain.com
  • IfdWebApplicationRootDomain
  • Domain.com
  • The IfdInternalNetworkAddressregistry key on the Microsoft Dynamics CRM server is updated. This registry keydetermines whether the user is logging into the Microsoft Dynamics CRM Web site from the Internet or Intranet.This registry value then determines whether the user uses CRM ticket authentication (Internet) or Integrated Windows authentication (Intranet).
  • The IfdInternalNetworkAddress registry key is located here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
  • This key holds an example of an ip address and the subnet of the domain. For example, the key may hold the following ip address and subnet value:
  • 192.220.100.96-255.255.255.0
  • If you have more than 1 subnet, you can add multiple values to the registry key.
    Note: The values must be separated by a comma.
  • 192.220.100.1-255.255.255.0,192.220.64.1-255.255.252.0
  • Key encryption will be enabled.
  • Fora user to log onto the Microsoft Dynamics CRM Web site with the CRM Ticket Authentication, the CRMTicketKeymust to be enabled. Without a ticket the authentication will fail.
  • The key encryption is enabled by setting the ifdsettings enabled="true"> option in the configuration file when you install or upgrade to Microsoft Dynamics CRM 4.0. You can also use the “CRM40IFDTool” to enable the key encryption after the install or upgrade.

Setup test DNS record
After you have completed the installation or upgrade by using a configuration file or the “CRM40IFDTool,” you must set up a DNS record for each organization that will be accessed externally from the Internet. Setting up the DNS record enables the Websiteto correctly resolve externally.

  • When Microsoft Dynamics CRM 4.0 is installed, or when you create a new organization, you provide a Display Name and a Name for each organization. The Name field is a unique name that must be less than 30 characters and cannot contain spaces or other special characters. This Name is used in the URLaddress when you open the Microsoft Dynamics CRM Web site. The DNS host record that needs to be setup is for the Name of each organization you need to access through IFD.
  • For example, assume theDisplay Namevalue is Microsoft CRM and theNamevalue isMicrosoft. To open the Microsoft Dynamics CRM Web sitefor an IDF deployment, the URLaddress would be You would need to create a DNS host record called Microsoft.
    Note: This example assumes the DNS records are set upto correctly resolve this URLaddress externally.

Microsoft Dynamics CRM Data Connector for SQL Server Reporting Services
You must install the Microsoft Dynamics CRM Data Connector for SQL Server Reporting Services on the Microsoft SQL Server Report Server if users will run Microsoft Dynamics CRM reports when accessing Microsoft Dynamics CRM over IDF.

Note: Microsoft SQL 2005 Workgroup Edition does not support custom data extensions for SQL Server Reporting Services. Therefore, the Microsoft Dynamics CRM Data Connector for SQL Server Reporting Services will not work when installed on the Microsoft SQL 2005 Workgroup Edition.

For more information, see the following Microsoft Knowledgebase (KB) article:

Scenario 1: Install orUpgradeMicrosoft Dynamics CRM 4.0 through the user interface (UI) setup

There are no options to enable the Microsoft Dynamics CRM 4.0 IDF deployment in the Setup Wizard. Therefore the CRM40IFDTool must be used to enable IFD after Microsoft Dynamics CRM 4.0 is installed. In this example CRM has been installed or upgraded to CRM 4.0 and our unique Organization Name is called Microsoft

Post Installation Tasks for Scenario 1:

  1. Run the ‘CRM40IFDTool’to enable the IFD environment. This tool is available for download in the following Microsoft KB article: information on how to run the ‘CRM40IFDTool’ see the ‘How to use the Microsoft Dynamics CRM Internet Facing Deployment Configuration Tool’ section in this document.
  2. Create a Host or Alias record in DNS for each Microsoft Dynamics CRM organization that will be accessed externally on the Internet. For the URLaddress to resolve correctly,you must create a DNS Host or Alias record for the for the unique organization name in Microsoft Dynamics CRM. For example: Microsoft.domain.com would need a DNS host or alias record called Microsoft.
  3. To create a DNS host or alias record follow these steps:
  4. On your DNS server click Start, click Run and type in dnsmgmt.msc
  5. Expand Forward Lookup Zones and right click your domain.com folder and choose New Host (A)or New Alias (CNAME)
  6. In the Name field or Alias name field type the unique organization name you specified when setting up CRM.
    Note: If you do not know the unique name you can check this in Deployment Manager on the Microsoft Dynamics CRM Server by selecting the Organizations node and then right click on your Organization name and choose properties.
  7. Then type in the IP address of the CRM Server if you are creating a host record and click Add Host, then click OK and click Done. If you are adding an Alias click Browse and add the Microsoft Dynamics CRM server and click OK.

Scenario 2: Install or UpgradeMicrosoft Dynamics CRM 4.0 with a configuration file

You cancreate IFD settings in the configuration file. Then, you can use the configuration file during the Microsoft Dynamics CRM installation or upgrade to enable IFD.

Thefollowing options are available in the configuration file:

  • ifdsettingsenabled="true"/"false">

This option should only be used for Internet-facing deployments. Set enabled = "true" to notify Microsoft Dynamics CRM Server Setup to configure the deployment for Internet access. If the ifdsettings> element is not specified, the enabled attribute value is set to false.

  • internalnetworkaddressIP Network Address-Subject Mask</internalnetworkaddress
    IP address and subnet mask, such as 157.56.137.105-255.255.255.0. This is the internal IP address and the associated subnet mask of the subnet where your internal users reside. The subnets you enter here will be for the computers that you want to be considered as internal and you do not want the users to login through the IFD environment when they are on these subnets. To enter multiple subnets use a comma to separate the values in the configuration file

Note: If you leave this element blank, all communication to the Microsoft Dynamics CRM server will be considered as internal and users will default to windows authentication when hitting the Microsoft Dynamics CRMwebsite.

  • rootdomainschemehttps/http</rootdomainscheme
    Must be https, which will use secure sockets layer (SSL), or http, which will use the nonsecure HTTP protocol.
    Note: Setup does not require SSL on the Web site where Microsoft Dynamics CRM is installed. We strongly recommend that you specify the https value in the rootdomainscheme element. In addition, after Setup is complete, to help protect information that is transmitted between users and Microsoft Dynamics CRM Server, we recommend that you configure the Web site to require SSL. For more information about how to use SSL, see the Internet Information Services (IIS) Manager Help.
  • sdkrootdomaindomain.com</sdkrootdomain>
    Specifies the domain name that will be used for applications that use the methods described in the Microsoft Dynamics CRM 4.0 Software Development Kit (SDK). The value that is set here will be prefixed by your unique organization name to form the URL so you only need to put in the domain.com
  • webapplicationrootdomaindomain.com </webapplicationrootdomain> Specifies the domain name that will be used for the Microsoft Dynamics CRM Web application and Microsoft Dynamics CRM for Outlook. The value that is set here will be prefixed by your unique organization name to form the URL so you only need to put in the domain.com

Note: If you are going to split out your server roles see the More Information section at the end of this document.

The following configuration file example contains an IFD section:
ifdsettings enabled="true">

<internalnetworkaddress>192.200.47.1-255.255.255.0</internalnetworkaddress>

<rootdomainschemehttps</rootdomainscheme

<sdkrootdomaindomain.com</sdkrootdomain

<webapplicationrootdomaindomain.com</webapplicationrootdomain

</ifdsettings

NOTE:For more information about configuration file installations, see the Microsoft Dynamics CRM 4.0 Implementation Guide.

After the installation is complete, when you log on to the Microsoft Dynamics CRM Web site from a computer that is outside the subnet zone(s) you specified in the IFDInternalNetworkAddress registry key, you will get redirected to the sign in page like in the screen shot below.

Post Installation Tasks for Scenario 2:

  1. Create a Host or Alias record in DNS for each Microsoft Dynamics CRM organization that will be accessed externally on the Internet. For the URL address to resolve correctly, you must create a DNS Host or Alias record for the for the unique organization name in Microsoft Dynamics CRM. For example: Microsoft.domain.com would need a DNS host or alias record called Microsoft.
  2. To create a DNS host or alias record follow these steps:
  3. On your DNS server click Start, click Run and type in dnsmgmt.msc
  4. Expand Forward Lookup Zones and right click your domain.com folder and choose New Host (A)or New Alias (CNAME)
  5. In the Name field or Alias name field type the unique organization name you specified when setting up CRM.
    Note: If you do not know the unique name you can check this in Deployment Manager on the Microsoft Dynamics CRM Server by selecting the Organizations node and then right click on your Organization name and choose properties.
  6. Then if you are creating a host record type in the IP address of the Microsoft Dynamics CRM Server and click Add Host, then click OK and click Done. If you are adding an Alias click Browse and add the Microsoft Dynamics CRM server and click OK.

How to use the CRM40IFDTool

Steps to run the tool

  1. Download the CRM4IFDTool from the following Microsoft KB article:
  1. On the computer that is running the server installation of Microsoft Dynamics CRM 4.0, extract the CRM4IFDTool to the following directory:
    drive :\Program Files\Microsoft Dynamics CRM\Tools
  2. Run the CRM4IFDTool.exe tool.
  1. Click the Authentication Strategy list and click IFD+On Premise.
    cid EBCF0
  1. Type the IP Address and the subnet.

Note: The IP address is just an example of a valid IP address on the specific subnet. It does not have to be the IP address for the Microsoft Dynamics server. You can enter more than one subnet. The subnets you enter here will be for the computers that are internal and you do not want the users to login through the IFD environment when they are on these subnets.

  1. Click the IFD Domain Scheme list, and then click either HTTP or HTTPS.
  1. Type the IFD App Root Domain and IFD SDK Root Domain. This will only be the domain name. For example, type domain.com or subdomain.domain.com

Note: The IFD settings will be how the client computers will access the Microsoft Dynamics CRM 4.0 Website when not logged on the local Intranet. The domain name entered here will be prefixed by the unique organization name to form the full URL of the IFD environment when the user is logging in.

  1. The AD Domain Schemeshould already be filled in from when you installed CRM.
  1. The AD App Root Domain and AD SDK Root Domainwill also already be filled in from when you installed CRM. However, you can use this tool to change them if needed.

Note: Do not type http or https as that is already selected in theAD Domain Scheme list.

Note: The AD settings will be how the client computers will access the Microsoft Dynamics CRM 4.0 Website when loggedon the local Intranet and not logging on through IFD.

  1. Click File, and then click Apply Changes.

More Information
The CRM4IFDTool tool will enable IFD for Microsoft Dynamics CRM 4.0. However, you must create the DNS record and verify the server and Microsoft Dynamics CRM 4.0 website are accessible from the Internet. The CRM40IFDTool will only change the settings needed to get Microsoft Dynamics CRM 4.0 ready to be accessed externally.

ISA Server

If you are configuring IFD in an environment where an ISA Server 2006 is being used please refer to this blog post for more information.

Turn off IFD
You can also turn off IFD by selecting the On Premise option in the Authentication Strategy list, and then click Apply Changes.
IMPORTANT: Before making any changes to the On Premise option, you must verify the values in the AD Domain Scheme , AD App Root Domain and AD SDK Root Domain are correctly set. Otherwise if the settings are left blank and you click Apply Changes, those settings will be updated with a null value in the MSCRM_Config database. This will result in users not being able to login to the Microsoft Dynamics CRM 4.0 Website.

Log File
To look at the log file created when you run the CRM4IFDTool follow these steps:
1. Click Start, click Run, type %appdata%\Microsoft\MSCRM\Logs,and then click OK. The file is called CRM40IFDTool.log

Installing CRM with IFD enabled against an existing website with Host headersor a Certificate enabled on the website.

If you havean existing website with host headersor a Certificate enabled and you chose to install Microsoft Dynamics CRM against the website and enable IFD the following changes needs to be made.

  1. DNS Changes needed:
  2. On your DNS server click Start, click Run and type in dnsmgmt.msc
  3. Expand Forward Lookup Zones and expand your domain.com. Find your current alias for the website you installed Microsoft Dynamics CRM to and delete it.
  4. Right click your domain.com folder and choose New Host (A)
  5. Type in the unique organization name and the host header name.
    Example: if your unique organization name is Microsoft and yourhost headeror certificate on the website is crm.domain.com then you would enter Microsoft.crm for the Host record
  6. Enter the IP Address of the CRM Server and click Add Host then click OK and click Done.
  7. IIS changes needed for host headers
  8. On your Microsoft Dynamics CRM server click Start, click Run and type in inetmgr
  9. ExpandWeb Sites and right click the Microsoft Dynamics CRM website and click properties.
  10. Click on the Web site tab and then click on the Advanced button
  11. If your unique organization is called Microsoft and your alias is crm and your domain is domain.com enter a host header using the following format Microsoft.crm.domain.comNote: If you have multiple IP’s assigned to the CRM server make sure to point host header to the IP specified in step 1.e
  12. IIS changes needed for certificates
    If your current certificate is crm.domain.com you would need to get a new certificate that would be called Microsoft.crm.domain.com or a wildcard certificate for *.crm.domain.com
    Note: Wildcard certificates will be needed if you plan to have more than one organization enabled for IFD.
  13. Run the ‘CRM40IFDTool’to enable the IFD environment. This tool is available for download in the following Microsoft KB article: information on how to run the ‘CRM40IFDTool’ see the ‘How to use the Microsoft Dynamics CRM Internet Facing Deployment Configuration Tool’ section in this document.
  14. The values you will specify in the CRM40IFDTool will be
    IFD App Root Domain –crm.domain.com
    IFD SDK Root Domain –crm.domain.com
    AD App Root Domain –crmserver:80
    AD SDK Root Domain –crmserver:80
Top View